Magazine

Microsoft: Now, Privacy Concerns

July 01, 2001

The Internet is only as useful as the information it makes available. But the more personal data that is put on the Web, and the more it is made easily accessible, the greater the danger that it can be misused.

Witness Microsoft Corp.'s (MSFT) latest proposal, code-named HailStorm and its online authentication service Passport. The software giant plans to set up a centralized consumer database housing such information as personal schedules, professional contacts, credit-card numbers, even tastes in music and reading. Such a massive database would carry both enormous potential and enormous danger. On the positive side, it would enable a wide variety of new consumer services. Microsoft claims, for example, that HailStorm can greatly simplify your life by managing your calendar and matching your interests with products and services available on the Web. Passport would give you a universal password and create a Web-wide one-click purchasing system. Indeed, Microsoft's plan is nothing more or less than an attempt to fulfill the original promise of the Internet to transform much of day-to-day living--this time by a single company rather than a gaggle of dot-coms.

But there's a problem: The centralized database would give Microsoft an unprecedented amount of data about consumers. Having all that information in one place would make it very tempting for the company to sell data about consumer preferences to marketers. Moreover, it would make Microsoft's database a tempting target for hackers--and history shows that Microsoft's programs, like most others, have regularly suffered security breaches.

No one wants to stop Microsoft from innovating. But what's needed are privacy rules with teeth in them. The company denies that it plans to sell the data, and it has voluntarily signed on to a set of privacy principles that require consumers to authorize the use of their data for other purposes. Nevertheless, given the amount of data that Microsoft plans to collect, voluntary adherence to privacy is not enough. The government needs to set tighter privacy standards with high penalties for violations--high enough to discourage even Microsoft from misusing the data, and to force the company to pay close attention to protecting the security of the data.

Microsoft has shown its willingness to fight antitrust regulation, but this is different. Privacy regulations would not tilt the playing field against Microsoft. They might even speed consumer acceptance of HailStorm and Passport if Microsoft can point to an official government standard. And in the end, the willingness of consumers to trust their data to Microsoft is what will make the ambitious project work.